In an international operation coordinated by the National Crime Agency (NCA), authorities have arrested and extradited a man suspected of being a known Russian-speaking cybercriminal.

The arrested individual, Maksim Silnikau, 38, also known as Maksym Silnikov, goes by the online moniker “JP Morgan” and works with a group of other elite cybercriminals. In an investigation that has been ongoing since 2015, the NCA, as well as the United States Secret Service (USSS) and the FBI, have tracked JP Morgan and his associates and established that they are responsible for the development and distribution of ransomware strains such as Reveton and Ransom cartel, and exploit kits like Angler.

On August 9, Silnikau was extradited from Poland to the U.S. to face cybercrime-related charges. His associates (Vladimir Kadariya, 38, from Belarus; and Andrei Tarasov, 33, from Russia) also face charges in the U.S. for their involvement in the ransomware ecosystem, but remain at large.

“Their impact goes far beyond the attacks they launched themselves,” NCA Deputy Director Paul Foster said in an announcement about the extradition. “They were in fact the pioneers of both the exploit kit and the ransomware-as-a-service (RaaS) models, which have made it easier for people to get involved in cybercrime and continue to help offenders.”

The investigation is ongoing and the NCA encourages anyone with relevant information about the Kadariya or Tarasov to Contact the NCA.